www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: suexec/946: The "User" directive fails for virtual hosts where the user differs from that for the main server.
Date Mon, 04 Aug 1997 03:20:03 GMT
The following reply was made to PR suexec/946; it has been noted by GNATS.

From: Marc Slemko <marcs@znep.com>
To: Ronny Cook <ronny@tmx.com.au>
Subject: Re: suexec/946: The "User" directive fails for virtual hosts where the user differs
from that for the main server.
Date: Sun, 3 Aug 1997 21:12:23 -0600 (MDT)

 
 On Mon, 4 Aug 1997, Ronny Cook wrote:
 
 > > Date: Sat, 2 Aug 1997 14:14:38 -0600 (MDT)
 > > From: Marc Slemko <marcs@znep.com>
 > > cc: apbugs@apache.org
 > > 
 > > On Fri, 1 Aug 1997, Ronny Cook wrote:
 > [...]
 > >> It could be a documentation bug rather than a program bug, I suppose, but
 > >> if so that begs the question of what is the server *supposed* to be doing
 > >> with the User directive?
 > > 
 > > No, that is not the way things should work and I don't really see that
 > > being implied by the above docs.
 > 
 > I agree it's thin, but it seemed to be the only reasonable interpretation
 > assuming that the "User" command was to be meaningful for virtual hosts.
 > > 
 > > Apache will never setuid() after its initial change to the user specified
 > > by the main User directive (if started as root; if not started as root, it
 > > will never setuid() at all).  To use suexec, suexec _needs_ to be setuid
 > > root so it can setuid() to the appropriate user.  That is the whole point
 > > of suexec; Apache does not run as root beacause that is a huge security
 > > risk, so it can't setuid().  That means suexec is the one that has to do
 > > that.
 > > 
 > I know, but you still haven't answered my final question. If the User
 > directive doesn't set the user under which the daemon runs (and it doesn't)
 > what *does* it do? At the moment it seems to be a null operation; it doesn't
 > do anything, even when suexec is enabled, so far as I can see.
 > 
 > If User does nothing, why is it there?
 
 It tells Apache what user to tell suexec to run CGIs as.
 

Mime
View raw message